You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@apr.apache.org by bu...@apache.org on 2013/02/23 03:12:07 UTC
[Bug 54603] New: [PATCH] apr_password_validate() crypt() support
unreliable as of 1.5
https://issues.apache.org/bugzilla/show_bug.cgi?id=54603
Bug ID: 54603
Summary: [PATCH] apr_password_validate() crypt() support
unreliable as of 1.5
Product: APR
Version: HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: APR-util
Assignee: bugs@apr.apache.org
Reporter: harvey.eneman@oracle.com
Classification: Unclassified
Created attachment 29984
--> https://issues.apache.org/bugzilla/attachment.cgi?id=29984&action=edit
Adjust nested conditions.
If a hash begins with '$' but is not blowfish or the custom apr algorithm, I
think apr_password_validate() should still "feed it to crypt() if possible" as
it did in 1.4.6. As presently implemented, apr_password_validate() instead
fall out and uses an uninitialized char array in a string comparison. The
nested conditional statement appears to a programming error. I've attached a
patch that I think adjusts the conditional statements appropriately.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 54603] [PATCH] apr_password_validate() crypt() support
unreliable as of 1.5
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54603
Rainer Jung <ra...@kippdata.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Rainer Jung <ra...@kippdata.de> ---
Thanks for the patch.
Fixed in r1449308 for apr trunk and r1449309 for apr 1.5.x.
Will be part of 1.5.2.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 54603] [PATCH] apr_password_validate() crypt() support
unreliable as of 1.5
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54603
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #29984|0 |1
is patch| |
Attachment #29984|application/octet-stream |text/plain
mime type| |
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org